As you can see, the Hyper-V team is constantly adding new cmdlets in every release.

Let's look at the Hyper-V PowerShell module in Windows Server 2016 TP5 and count the cmdlets at our disposal.

We now have 221 cmdlets in TP5 versus 217 in Hyper-V 2016 TP4, so we have 4 new cmdlets so far…

One important note: starting with Windows Server 2016 TP2 and Windows 10, Microsoft added two PowerShell modules in-box, Version 1.1 and Version 2.0, to help you manage down-level Hyper-V hosts across versions (Windows Server 2012, 2012 R2 and 2016).

At the time of writing, you need a separate PowerShell session to manage down-level hosts and Server 2016. In other words, every time you want to manage Server 2012 R2 or below, you need to remove the default PowerShell module V2.0 and load PowerShell module V1.1, as shown in the following screenshot.

Alternatively, you can open two PowerShell sessions and load the desired PowerShell module in each. I know this is not efficient at the moment; hopefully this will change in the future.

So what are those 4 new cmdlets? Let’s compare Hyper-V 2016 TP4 and TP5 modules side by side and explore the difference.

I will use the Compare-Object cmdlet, but before doing that, you need to capture the XML file with all Hyper-V PowerShell cmdlets from Windows Server 2016 TP4 and TP5 hosts respectively.

On TP4 Host run the following command:

Get-Command -Module Hyper-V | Export-Clixml C:\HyperV-TP4-Compare.xml

On TP5 Host run the following command:

Get-Command -Module Hyper-V | Export-Clixml C:\HyperV-TP5-Compare.xml

The result above will be a table telling you what is different. Every PowerShell cmdlet that is in the reference set (HyperV-TP4-Compare.xml) but not in the difference set (HyperV-TP5-Compare.xml) will have a <= indicator (which in this case is Set-VMSecurityProfile). However, if a cmdlet is in the difference set on the right side but not in the reference set on the left side, it will have a => indicator, which is our case here with 5 new cmdlets. Finally, PowerShell cmdlets that match across both sets won't be included in the difference output.
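The comparison step described above, as an added example that is not the original post's own command. It assumes both XML files have been copied to the machine running it, and `C:\Scripts` is a hypothetical folder of automation scripts to check for calls to cmdlets that no longer exist in TP5.

```powershell
# Added example: file paths match the Export-Clixml commands above.
$tp4 = Import-Clixml -Path 'C:\HyperV-TP4-Compare.xml'   # reference set
$tp5 = Import-Clixml -Path 'C:\HyperV-TP5-Compare.xml'   # difference set

# Compare on Name only; the deserialized command objects also carry
# version details that differ between builds and would mark every cmdlet.
$diff = Compare-Object -ReferenceObject $tp4 -DifferenceObject $tp5 -Property Name

# '<=' means only in TP4 (removed), '=>' means only in TP5 (added).
$diff | Sort-Object SideIndicator, Name | ForEach-Object {
    [pscustomobject]@{
        Cmdlet = $_.Name
        Change = if ($_.SideIndicator -eq '=>') { 'Added in TP5' } else { 'Removed since TP4' }
    }
} | Format-Table -AutoSize

# Find scripts that still call a removed cmdlet, so security settings are
# not silently skipped after the host is upgraded.
# C:\Scripts is a hypothetical location.
$removed = @(($diff | Where-Object SideIndicator -eq '<=').Name)
if ($removed.Count -gt 0) {
    Get-ChildItem -Path 'C:\Scripts' -Filter *.ps1 -Recurse |
        Select-String -Pattern $removed -SimpleMatch |
        Select-Object Path, LineNumber, Line
}
```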

All the previous PowerShell cmdlets that are available in Windows Server 2016 TP4 Hyper-V are available as well in Windows Server 2016 Technical Preview 5 in addition to the following:

New Cmdlets in Windows Server 2016 Hyper-V

Set-VMSecurity

Set-VMSecurityPolicy

Get-VMNetworkAdapterTeamMapping

Remove-VMNetworkAdapterTeamMapping

Set-VMNetworkAdapterTeamMapping

As you can see in the above screenshot, Set-VMSecurityProfile is no longer available in WS2016 TP5. Set-VMSecurityProfile is being deprecated, and you should use either Set-VMSecurity or Set-VMSecurityPolicy instead.

Let’s dive in and discover what those new cmdlets bring to Hyper-V 2016 in TP5.

Set-VMSecurity

Trust is the biggest blocker to cloud computing adoption. In Windows Server 2016, Microsoft is investing a lot in the Hyper-V core platform to start providing these guarantees, so that whether or not you trust your administrators and service providers, no one can access your data!

Set-VMSecurity with the -EncryptStateAndVmMigrationTraffic parameter determines whether the VM's memory is encrypted when it is saved to disk or live migrated to another Hyper-V host.

If we look at Windows Server 2016 Technical Preview 4 Hyper-V and open any Generation 2 VM settings, the Encrypt State and Virtual Machine migration traffic option was not included in the UI.

However, in Windows Server 2016 Technical Preview 5 Hyper-V, the UI has been updated to reflect those changes around shielded VMs…

If you connect to the VM and open Device Manager, you can see vTPM 2.0 listed under Security devices. You can then install BitLocker and turn it on.
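An audit of the setting described above, as an added example that is not from the original post. It assumes an elevated session on the Hyper-V host and the Get-VMSecurity cmdlet with the property names found in the released Windows Server 2016 Hyper-V module; the function name is hypothetical.

```powershell
# Added example: list Generation 2 VMs whose saved state and live
# migration traffic are not encrypted.
function Get-VMEncryptionGap {
    param([string]$ComputerName = 'localhost')

    Get-VM -ComputerName $ComputerName |
        Where-Object Generation -eq 2 |
        ForEach-Object {
            $sec = Get-VMSecurity -VM $_
            [pscustomobject]@{
                VMName     = $_.Name
                State      = $_.State
                TpmEnabled = $sec.TpmEnabled
                Shielded   = $sec.Shielded
                Encrypted  = $sec.EncryptStateAndVmMigrationTraffic
            }
        } |
        Where-Object { -not $_.Encrypted }
}

$gaps = @(Get-VMEncryptionGap)
$gaps | Format-Table -AutoSize

# Preview the change for each VM; remove -WhatIf to apply it.
foreach ($gap in $gaps) {
    Set-VMSecurity -VMName $gap.VMName -EncryptStateAndVmMigrationTraffic $true -WhatIf
}
```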

Set-VMSecurityPolicy

Set-VMSecurityPolicy can be used to configure the virtual machine’s policy. However, this is only possible in “Local HGS Mode” or until the virtual machine has been started for the first time.

As a side note, shielded VMs can be deployed using Active Directory Attestation or TPM Attestation. TPM Attestation requires a TPM V2.0 chip to be installed on the physical host.

For demo purposes, you can create a shielded VM based on a local host certificate (untrusted guardian).

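# Install Host Guardian Hyper-V Support Feature (the host reboots; run the rest afterwards)
Install-WindowsFeature -Name HostGuardian -Restart -Verbose

# Create a Generation 2 VM to shield
$VM = New-VM -Name ShieldedDemo -Generation 2

# Reuse the local guardian if it exists, otherwise create it with self-signed certificates
$owner = Get-HgsGuardian UntrustedGuardian -ErrorAction SilentlyContinue
if (!$owner) {
    $owner = New-HgsGuardian -Name UntrustedGuardian -GenerateCertificates
}
$owner = Get-HgsGuardian UntrustedGuardian

# Build a key protector owned by the local guardian and attach it to the VM
$kp = New-HgsKeyProtector -Owner $owner -AllowUntrustedRoot
Set-VMKeyProtector -VM $vm -KeyProtector $kp.RawData

# Mark the VM as shielded, then start it
Set-VMSecurityPolicy -VM $vm -Shielded $true
Start-VM $vm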

Note that VM console access is not available for shielded VMs, so you need to access the VM through RDP only.

If you don’t install the HostGuardian feature for Hyper-V support and then reboot your host, you won’t be able to start the virtual machine because the host’s Isolated User Mode is off.

Set-VMNetworkAdapterTeamMapping

In Windows Server 2016, Microsoft is adding a new feature to force a host vNIC or a virtual machine vmNIC to be affinitized to a particular team member. This is useful in many scenarios. For example, in a converged network deployment, you may want to ensure that traffic from a given vNIC on the host, e.g., a storage vNIC, uses a particular pNIC (physical NIC) to send traffic so that it takes a shorter path to the backend storage.

Please note that setting an affinity will not prevent failover to another physical NIC if the selected NIC fails. In other words, if the physical NIC encounters any issue, the affinitized vNIC or vmNIC will fail over to another team member. The affinity will be restored when the selected pNIC is restored to operation.
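Setting the affinity described above for two host storage vNICs, as an added example that is not from the original post. The adapter names SMB1, SMB2, NIC1 and NIC2 are hypothetical, and the host is assumed to have a virtual switch whose team contains both physical NICs.

```powershell
# Added example: vNIC -> pNIC affinity table (all names are hypothetical).
$affinity = @{
    'SMB1' = 'NIC1'
    'SMB2' = 'NIC2'
}

foreach ($vNic in $affinity.Keys) {
    $pNic = $affinity[$vNic]

    # Check both ends first so a typo or a dead link is reported
    # instead of leaving storage traffic on an unintended path.
    $hostNic  = Get-VMNetworkAdapter -ManagementOS -Name $vNic -ErrorAction SilentlyContinue
    $physical = Get-NetAdapter -Name $pNic -ErrorAction SilentlyContinue

    if (-not $hostNic -or -not $physical -or $physical.Status -ne 'Up') {
        Write-Warning "Skipping $vNic -> ${pNic}: adapter missing or link down"
        continue
    }

    Set-VMNetworkAdapterTeamMapping -ManagementOS `
        -VMNetworkAdapterName $vNic `
        -PhysicalNetAdapterName $pNic
}

# Review the mappings now in place for the host vNICs.
Get-VMNetworkAdapterTeamMapping -ManagementOS | Format-List

# To clear a mapping again (for example before replacing a pNIC):
# Remove-VMNetworkAdapterTeamMapping -ManagementOS -VMNetworkAdapterName 'SMB1'
```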

Charbel Nemnom is a Microsoft Cloud Consultant and Technical Evangelist, a big fan of the latest IT platform solutions, and an accomplished hands-on technical professional with over 15 years of broad IT infrastructure experience serving on and guiding technical teams to optimize performance of mission-critical enterprise systems. Excellent communicator adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design and virtualization.